In 2018, Packt Publishing released “Practical Cyber Intelligence” by Wilson Bautista Jr., a retired military officer who holds the position of Director of IT and InfoSec at i3 Microsystems.
I found this book to be very informative, easy to read, and easy to follow once I engaged with it. One of the aspects that captured my attention was the vital information and, moreover, the perspective on information security that is rarely discussed or examined in recent offerings. As a practitioner in the information security field, I see this book serving as a handbook for team leads, managers, directors, and CISOs responsible for securing organizational assets. As an educator in information security, I see it playing a key role in courses dealing with the management of information security, possibly as the main text but definitely as a supplemental reading text.
The author asks a lot of questions to help the reader think through the problems organizations face when tasked with protecting their assets, but he also answers a great many of those questions to aid the reader in understanding solutions to those very problems. One example that hit home with me is in Chapter 1, in the section titled “Intelligence drives operations”. Here Bautista explains the concept of “Priority Information Requirements (PIRs)” in military use and then uses a commercial, non-military example to illustrate how the concept fits in the information security arena. These are the real-world examples that make the book a joy to read and that increased my overall knowledge of the field.
The table of contents lays out an orderly and organized path through the text. The first few chapters provide information and historical references to build the foundational concepts of the overall topic. Each chapter builds on the previous one, reinforcing earlier material while introducing new knowledge and concepts the further you read.
The body of the book consists of fifteen (15) well-written chapters, with the last chapter being more of a conclusion/wrap-up chapter.
Below is a summary of each chapter:
Chapter 1, The Need for Cyber Intelligence – Bautista does an excellent job explaining why organizations need to incorporate a cyber intelligence component into their cyber security posture. He then provides a brief history of how intelligence has been used in the military, drawing on stories from the American Revolutionary War and Napoleon’s use of intelligence. Bautista also does an excellent job explaining the different types of intelligence gathering and what information falls under each category. This chapter is gratifying and informative, as it lays a strong foundation for cyber intelligence.
Chapter 2, Intelligence Development – Bautista introduces a useful concept in information hierarchy known as “DIKW”, which stands for Data, Information, Knowledge, and Wisdom. The chapter discusses the techniques used to sort through massive amounts of data and turn it into actionable intelligence. I found this chapter very useful, as he provides processes such as “The Intelligence Cycle Steps” that can be mapped to an organization’s current security data collection procedures.
Chapter 3, Integrating Cyber Intel, Security, and Operations – In this chapter, Bautista introduces and explains the concept of operations security (OPSEC), and discusses developing a strategic cyber intelligence capability by bringing the Capability Maturity Model (CMM) into the discussion. Once again, he takes the time to explain the OPSEC process by breaking it down into five (5) steps, and examines the model of cyber intelligence program roles in three (3) sections.
Chapter 4, Using Cyber Intelligence to Enable Active Defense – In this chapter, Bautista revisits the CMM and introduces the Cyber Kill Chain, which helps identify the actions an adversary needs to take to exploit a target. Once again, he provides a detailed breakdown of active defense topics covering a wide range of concepts.
Chapter 5, F3EAD For You and For Me – In this chapter, the author introduces the Find, Fix, Finish, Exploit, Analyze, and Disseminate (F3EAD) process used against high-value targets and its applicability to the Cyber Kill Chain. Bautista begins by defining the concept of targeting, then provides a practical scenario in which the intelligence cycle and F3EAD are integrated. He also revisits many previously discussed concepts as they relate to F3EAD and the Cyber Kill Chain.
Chapter 6, Integrating Threat Intelligence and Operations – In this chapter, Bautista examines in detail how cyber intelligence can be incorporated into a security program. I enjoyed this chapter because of my familiarity, as an InfoSec practitioner, with many of the processes, actions, and concepts. He discusses the concept of evidence-based knowledge and the tools associated with it. Many topics are once again revisited, such as the CMM and how information gathering can be implemented with some popular and commonly used tools.
Chapter 7, Creating the Collaboration Capability – The main goal of this chapter is to explain the process and importance of creating a collaboration capability to support a cyber intelligence program throughout the organization. Key points include formal communication, such as policies and reports, and informal communication, such as working groups and influence. He also explains how communication fits into cyber intelligence and what tools can aid the process.
Chapter 8, The Security Stack – The author provides a view of how information captured from different security capabilities can be developed into cyber intelligence to support decision making. Once again the CMM is revisited, this time applied to information security in great detail. This chapter is very informative for the security practitioner.
Chapter 9, Driving Cyber Intel – In this chapter, Bautista shares the interesting topic of leveraging the user community as a source of information gathering and reporting. The chapter looks into the importance and usefulness of security awareness and examines the CMM process in detail as a way to drive the security awareness program.
Chapter 10, Baselines and Anomalies – In this chapter, Bautista discusses the difficulty of reporting and metrics in operations, and continuous monitoring is examined under the CMM concept in great detail.
Chapter 11, Putting out the Fires – Bautista introduces the handling of anomalies by discussing ways to improve incident response through developing good intelligence communication channels. The incident response process is explained in detail and once again incorporated into the CMM.
Chapter 12, Vulnerability Management – In this chapter, Bautista discusses how an organization can reduce its weaknesses through vulnerability management. Once again under the CMM concept, he explains in detail the processes of scanning, reporting, and managing vulnerabilities in conjunction with the scoring systems.
Chapter 13, Risky Business, and Chapter 14, Assigning – These chapters are closely related, as Bautista introduces a broad overview of risk, data classification, risk metrics, and key risk indicators under the CMM concept. Some interesting governance, risk management, and compliance (GRC) tools are presented to aid the process.
Chapter 15, Wrapping Up – Bautista provides an overall summary of the book and the concepts covered within it. He describes a scenario of an established cyber intelligence program and its operational practices. It is worth reading and is relatively short.
Bautista’s approach in “Practical Cyber Intelligence” is comprehensive for both the beginner and the seasoned security practitioner, regardless of their role. I do think a seasoned professional in leadership will find more value in the text than a junior security analyst. In addition, as an educator, I see this text definitely having a role in the academic realm, especially at the graduate level.
This book is a contribution to the information security community and will surely aid in producing knowledgeable information security leaders and managers in the future. I personally enjoyed Chapter 6, Integrating Threat Intelligence and Operations, Chapter 11, Putting out the Fires, and Chapter 12, Vulnerability Management the most, as I was able to relate to them from my professional experience. If you are interested in expanding your knowledge of information security, or if you are in a leadership role and would like to know more about protecting your organization beyond the traditional manner, I recommend this book as a great source.
Bautista Jr., Wilson (2018). Practical Cyber Intelligence. Packt Publishing