Guest Post/Virtual Tour ~ No More Magic Wands by George Finney

Why Blogging Is Important

Writing my book, No More Magic Wands, has changed my career.  I didn’t get a promotion.  Job offers didn’t start pouring in.  Other people at the office didn’t start looking at me differently.  What changed was that I was different.  For the first time, I looked at my job and the things that I was doing, and I saw them with new eyes.  And I loved it.  I felt more engaged than I ever had.

Blogging, for me, keeps this feeling alive.  It forces me to explore my own ideas in ways that just aren’t possible at the office, or at conferences, or at lunches with my peers.  I find that writing my ideas down forces me to take a look at what matters most.

The side effect of this, is that my job had become fun.  I’m not saying I didn’t like my job before.  But now it feels like it is MY job.  I’m doing it my way, not the way everyone else is doing it.

One of the dangers to blogging, I think, is that it can lead to focusing too much on topics that will get a lot of attention.  That may make sense if you’re working on contempoaray issues, but I feel like for me it was a big distraction.  When I first started blogging, I was focusing on legal issues around cybersecurity.  I wrote an article that got picked up by several big cybersecurity sites, and all I wanted was to get that next big fix of clicks.

For me, blogging isn’t about getting attention.  There are a ton of sites out there that discuss newsworthy topics like election hacking or security breaches.  Those are really important.  But those sites are only talking about symptoms of the problem.  What I like to explore in my work are ways that we can change the way we work to solve the problem. 

I like helping people, and I feel like blogging is one way that I can give back.  I really love the blogs out there that embrace this, whether they’re about helping moms or dads raise their kids, helping people live healthier lives, or helping connect people. 

Publisher: CreateSpace (September 10, 2016)
Genre: Business/Leadership/Management/Cybersecurity/Technology
ISBN-10: 1535538929
ISBN-13: 978-1535538923
ASIN: B01L4CIMHK
Buy: Amazon, Kindle, IndieBound, The Book Depository

no-more-magic-wands

Once upon a time there was a company that made magic wands, but when they were hacked all the magic in the world couldn’t prevent their data from being stolen. If that company had a chance for a clean start, what would they have done differently? The unlikely hero isn’t a security guy. She’s a business elf who makes it her mission to change the way her company does business from the top down.

Most books on Cybersecurity are written for highly technical professionals, focus on specific compliance regulations, or are intended for reference. No More Magic Wands is different…it takes complex security concepts and puts them into practice in easy to read, relateable stories.

GEORGE FINNEY, ESQ., has worked in Cybersecurity for over 15 years and is the author of No More Magic Wands: Transformative Cybersecurity Change for Everyone. He is currently the Chief Information Security Officer for Southern Methodist University where he has also taught on the subject of Corporate Cybersecurity and Information Assurance. Mr. Finney is an attorney and is a Certified Information Privacy Professional as well as a Certified Information Security Systems Professional and has spoken on Cybersecurity topics across the country.

 

Website * Facebook * Goodreads * Blog

Excerpt ~

Security is everyone’s job.

That’s what we say as security professionals. It’s not a copout. It’s not as if we’re trying to pass off our jobs on everyone else. It really does take everyone working in concert to make an organization truly secure. So why, then, do we do so little to enable those outside the cybersecurity field to do their part of the universal security job? We often provide some training, usually in the form of mandatory twenty-minute propaganda videos. But what about tools? Maybe we create a button to encrypt email data or to report phishing. What about books? Mostly we just provide a bunch of technical reference manuals, white papers, or standards written for the highly technical security professional. In them are policies that no one ever reads.

If security is everyone’s job, everyone needs to have the right tools to actually do the job. Not some of the tools. Not a little bit of the information. All of it.

In cybersecurity, all of us are on the frontlines of a complicated battle involving governments, organized crime, activists, and more which makes security being everyone’s job even more important. If that’s your goal, you must empower your employees to take initiative. They should be able to think for themselves. They should not have to ask for direction. If you constantly tell people exactly what to do and how to do it, they’ll never develop the ability to be self-directed. This is why cybersecurity should entail real-world, experienced-based training—not just awareness—to create a culture of ownership. Annual training should be progressive, and its lessons should build over several years. The company should provide real examples of cybersecurity issues in order to give the training efforts a specific direction and focus. If the training involves reading from a binder or sticking to a narrow script, what will happen when something off-script happens? Employees won’t know how to react and will have to ask for input from their supervisors.

If we improve our communal awareness of cybersecurity, we can start to develop a kind of collective immunity to cybercrime. Today, it is cheap and easy to be a cybercriminal: software isn’t difficult to hack, and people make even easier targets. This means the victims are plentiful, and the risks of getting caught or prosecuted are extremely low. However, if the cost of cybercrime increases and the chances of getting caught go up, the volume of cybercrime will be forced down (assuming cybercriminal’s ill-gotten profits remain the same).

There needs to be an ecosystem of participation in security so that salespeople, accountants, attorneys, bankers, doctors, librarians, barbers, and car salesmen can all communicate with one another about the types of cybercrime they’ve experienced: How they were hacked and what they did to improve their security measures. What technologies worked and which ones didn’t. Which common techniques hackers are employing today. Everyone should be able to look to the security community for leadership and find answers.

Great cybersecurity is possible, but it’s not easy.

Have you ever felt like someone was asking you to waive your magic wand at a problem and make it go away? You may have wanted to shout, “It’s not that easy!” This is what’s happening in cybersecurity. Waive your magic wand and everything will be better? Not in real life. If there really was a magic wand to be found, then thousands of companies wouldn’t become the victims of cybercriminals every year. Software could be made to run perfectly, business processes would be designed without loopholes, everyone would follow policy, and employees would be constantly vigilant. Cybersecurity would be a thing of the past.

This book imagines what life would be like for a magic-wand manufacturing company, staffed entirely by elves, after knockoff wands with their label start cropping up. On top of that, their customers’ private information gets leaked and becomes scattered all across the enchanted forest. But the elves still have one magic wand. Can they use it to fix the mess? Or will they have to think of something else—some other way to prevent the villains of the enchanted forest from going one step further and stealing their greatest treasure?

The unlikely hero isn’t a security guy. She’s a business elf who makes it her mission to change the way her company does business from the top down. One of the first things she does is build a coalition of partners inside and outside the business to help make those changes happen. She looks for other fairy-tale creatures who have had personal or professional experiences with cybercrime and who have taken to heart the hard lessons of being hacked. She considers weathering the trials of being hacked a badge of honor, not a failure on their part. She has to learn how to talk to other business creatures about security—and she has to do it in their language, not her own. On her quest, she must challenge people to change their ways before the next breach happens, which she does by simulating a hack on the company, thereby creating the learning experience of being breached without the negative consequences. In this new world, she learns that it needs to be okay for people to challenge authority, even when it might normally be considered rude. Without a culture of inquiry and vigilance, actual security will be out of reach. She realizes that, just like a healthy immune system, there needs to be multiple interconnected structures inside the organization to keep things working together.

This book isn’t written for technology professionals, although it may help them as well. It’s written for anyone and everyone who wants to make a difference and improve cybersecurity. The first lesson that students of cybersecurity learn about cybersecurity is that there’s a constantly evolving cycle of improvement. Although basic principles will remain the same, you must always grow and adapt to various threats as they emerge. You will never arrive at a state of perfect security.

No matter how good you are, you will be hacked at some point.

It may be a surprise to hear, but hackers are an important part of the security ecosystem. Hackers help the security ecosystem improve, particularly when they reveal the vulnerabilities they find or disclose the methods they used to expose weaknesses in a company’s security measures. Imagine a young infant: we don’t want the baby to get sick, but if she were never exposed to germs, her immune system wouldn’t properly develop and she could wind up being very weak and vulnerable later on in life. Without hackers, our cyber immune system wouldn’t develop and could be susceptible to worse cyber threats: attacks from government-sponsored actors, large-scale organized crime, or malicious inside jobs. Therefore, this book is for hackers too. Keep us honest. Make us better.

Tour Schedule

Monday, May 1

Interview at Cheryl’s Book Nook

Tuesday, May 2

Book Featured at Mello & June, It’s a Book Thang!

Wednesday, May 3

Book Featured at Books, Dreams, Life

Thursday, May 4

Interview at Book Bloggin’ Princess

Friday, May 5

Book Featured at I’m Shelf-ish

Interview at The Book Connection

********

Monday, May 8

Interview at The Writer’s Life

Tuesday, May 9

Interview at PUYB Virtual Book Club

Wednesday, May 10

Interview at My Bookish Pleasures

Thursday, May 11

Guest Blogging at Dear Reader, Love Author

Friday, May 12

Book Featured at A Title Wave

********

Monday, May 15

Guest Blogging at The Story Behind the Book

Tuesday, May 16

Interview at The Dark Phantom Reviews

Wednesday, May 17

Book Featured at The Bookworm Lodge

Thursday, May 18

Interview at Literarily Speaking

Guest Blogging at Hart’s Reader Pulse

Friday, May 19

Guest Blogging at Lori’s Reading Corner

********

Monday, May 22

Interview at Deal Sharing Aunt

Tuesday, May 23

Interview at The Literary Nook

Wednesday, May 24

Book Featured at Lisa – Queen of Random

********

Monday, May 29

Book Featured at Nuttin’ But Books

Wednesday, May 31

Interview at Confessions of an Eccentric Bookaholic

 

 

Facebook Twitter Email Linkedin Reddit Tumblr Digg Stumbleupon Delicious Pinterest

Speak Your Mind

*

CommentLuv badge

Social links powered by Ecreative Internet Marketing