InfoSec has always preached the triad of “people, process, and technology” as essential for good, effective security. My experience in the industry has been that technology always comes first, followed by process when we can manage it, and people when we get around to them. The main role people play in information security tends to be that of a problem waiting to happen, an insider threat, a negligent user, or just an annoyance to be automated out of existence as best we can. This book is my attempt to invert that, to put people in the center of information security programs and practices. Sometimes people will be threats, but more often they will be the untapped resources with the solutions to many of security’s current challenges.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.