A brief but comprehensive guide to cybersecurity for the technically unsophisticated.
Debut author and cybersecurity professional Bjarnason says that he observed, in his capacity as an information-technology worker, a “severe lack of training” regarding online safety on the part of the “average computer user.” He created this manual to provide an accessible introduction for that sizable and vulnerable class. For a brief volume of well under 200 pages, it covers a broad range of subjects, including what to consider when using shared computers and when to use multiple email accounts, as well as more technical topics, such as the distinction between synchronous or asynchronous encryption. Still, the book is clearly aimed at amateurs; at one point, for instance, the author provides a lucid analysis of the different parts of a URL (“a fancy term for a web address”). At the heart of his strategy is rational caution—a “skeptical mindset” that meticulously vets every situation for potential danger but stops short of paranoia. “Critical thinking skills play a pivotal role in your online safety, as you may have noticed already,” he writes. In short: “If you don’t know what it is, don’t touch it.” Overall, Bjarnason employs an informal and even cheeky style: In the service of demonstrating the power of clickbait, for example, he explains that his book’s subtitle is deceptively sensationalistic: “NSA,” in this case, stands for “network secure architecture,” he says, and “CIA” for the “triad” of “confidentiality, integrity, and availability.” In the end, the author largely delivers what he promises—a useful, sensible primer for the uninitiated on an essential and woefully esoteric subject. That said, the book lacks a clear organizational plan, meandering from subject to subject. It also lingers on subjects of limited practical value; for example, a discussion of threat modeling will be all but useless to Bjarnason’s target audience. His prose, though, is consistently transparent, and his expertise is beyond reproach, as he has decades of experience in the IT industry.
A concise and practical, if peripatetic, single-volume cybersecurity manual.