I received my Masters in Cyber Security in 2020 and am currently taking a refresher class at Harvard to try and see what area I'd most like to focus on for potential jobs in the future, so I always enjoy reading whatever I can about cyber security.  I found this book to touch on many, many, different topics and give you a really good overview for a starting off point if you're just starting to get curious about cyber security and what all it entails.  It features some real-world examples which I always enjoy reading the most (unless they're about Taylor Swift, ick) and gives you a little bit about a lotta things! If you already know a lot about cyber security, then this book can be a nice refresher (and probably has some examples you didn't see before) but if you're new to cyber security and are trying to find out if it might be a fit for you - then I definitely think reading this book would be beneficial.

I received a free e-copy of this book from NetGalley in order to write this review. I was not otherwise compensated.

“Confident Cyber Security” is a well organized and fairly comprehensive introduction to the world of cyber security. This book focuses on the need for cyber security awareness and the dangers implicit in ignoring ever increasing cyber threats . To be clear, this book will not teach the reader significant cyber security related skills in as much as it will teach the reader the very important prerequisite skill of how to think about cyber security. As such this book will be of most use to individuals who have cyber security adjacent roles, work in management or are in the early stages of becoming a professional practitioner.

A major strength of this book is that it narrates many cases of cyber security incidents and provides a large number of case studies. This works to give the reader a fairly comprehensive view of the scope of the cyber security field. Additionally, potential risks and methods to handle them are well covered by this approach.

An additional and unusual strength of this book is the author’s focus on factors that affect the individual’s ability to perform as a competent practitioner. Thus, she sheds light on such topics as avoiding imposter syndrome, developing a growth mindset and avoiding overconfidence. This approach is a welcome nod to the importance of human factors in cyber security.

Less well covered are the technical aspects of cyber security, although this can be mostly forgiven in a work of this length. For the most part the book is good in defining and explaining important concepts related to cyber security. However, somewhat inexplicably several key concepts are left out. Thus the book does not cover the CIA Triad model or similar models and the concept of an attack surface is left out.

An additional weakness in the copy provided for review is the absence of both a glossary of key terms and an index. A list of recommended texts would also be welcome, although the documented sources at the end of each chapter should provide some additional reading.

In summary, readers would be overconfident to rely only on this book to develop a command of the cyber security field. It is, however, a solid resource with clear and accessible explanations that should enable committed individuals to build their knowledge of an important and expanding field.

Thanks to NetGalley and the publisher, Kogan Page Ltd., for providing me with an advanced reading copy in exchange for my honest review.