REVIEW - 97 Things Every Information Security Professional Should Know - Practical and Approachable Advice from the Experts


97 Things Every Information Security Professional Should Know

Practical and Approachable Advice from the Experts


Christina Morillo


O'Reilly Media (2021)




Emyr Williams


May 2022



Verdict: Recommended

There has been a lot in the news lately about cyber attacks. One only needs to look at the technical news outlets to read stories of a gang of hackers or state actors attacking a company’s or a country’s cyber infrastructure.

So this book is very much a book for this time, and it’s an enlightening read for a newbie such as myself. I found that this book covers a wide range of topics and concepts relating to cyber security, such as risk management, application security, DevOps, identity and access management, different types of cyberattacks and so much more.

There is something in this book for everyone, from the newbie such as myself to the seasoned professional. For example, I’d never heard of stalkerware before I read this book (and I find it disturbing that such a thing exists…).

But it’s a book full of good information and practical advice. A few pieces of advice stood out, one entitled Focus on the What and Why First, Not the Tool. The author (and editor of this book) explains how InfoSec folk tend to focus on the tools at the expense of understanding what the tool is there to accomplish, which gives rise to the old adage, ‘If all you have is a hammer, everything looks like a nail’. The writer states the case that we should strive to understand the problem and the current processes that the tool is to fit into, rightly stating that you cannot solve something you don’t understand.

The book doesn’t just cover the technical aspect of cyber security, but also the physical and legal aspects. There’s one piece of guidance from a lawyer advising that you ensure sign-off from your customer on each scope of your penetration testing, and that they understand the legal implications.

It also covers the human element of security, such as people asking systems to remember their passwords, how to help reduce the risk of phishing attacks, or how to empower the people who use your systems and get them to understand that they are the most important aspect of your system’s security.

This book doesn’t tell you the how, but rather points you in the general direction you should head, and this is where the numerous contributions to the book come into their own. Each author has a unique insight into their chosen field, and each segment is digestible and easy to read. It’s certainly made me think.

The only complaint I have is that there were some slight issues with the print, where the author’s photo had encroached on the chapter’s subtitle, but that’s the only thing I can say that niggled me, and that was on one page, so it’s a very minor complaint.

I found this an excellent and informative read; this really is a must-read for anyone who works in the field of information security, and anyone who’s interested in cyber security.

Would I recommend? Certainly.
